2016 SYSVOL and NETLOGON shares missing from New Domain Controllers added to 2012 and below.
after going through server 2k 2012r2 documentation , following recommendations within said forums, simplest solution presented itself.
it came down simple registry change.
open administrative powershell.
run net share
review shares , find netlogon , sysvol shares, if there turn them off , on in registry.
type regedt32 in powershell , edit following registry entry
hkey_local_machine\system\currentcontrolset\services\netlogon\parameters
change sysvolready=0 <<<< turns off sysvol , netlogon shares.
change sysvolready=1 <<<< creates , shares sysvol , netlogon automatically.
do domain controllers
run dcdiag /v
if tired of seeing old errors clear logs in powershell script.
wevtutil el | foreach-object {wevtutil cl "$_"}
i able fix errors dns prior using fix.
i still have 1 error can not around, not go away, 100 hours later.
starting test: verifyreferencesthe system object reference (serverreference) cn=srv6,ou=domain controllers,dc=acs,dc=local , backlink on
cn=srv6,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=acs,dc=local correct.
some objects relating dc srv6 have problems:
[1] problem: missing expected value
base object:
cn=ntds settings,cn=srv6,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=acs,dc=local
base object description: "dsa object"
value object attribute name: serverreferencebl
value object description: "sysvol frs member object"
recommended action: see knowledge base article: q312862
[1] problem: missing expected value
base object: cn=srv6,ou=domain controllers,dc=acs,dc=local
base object description: "dc account object"
value object attribute name: msdfsr-computerreferencebl
value object description: "sysvol frs member object"
recommended action: see knowledge base article: q312862
......................... srv6 failed test verifyreferences
this last dcdiag error on 2012r2 legacy server, 5 new 2016 servers replicating sysvol, netlogon. can demote , remove server error still in place, when server removed, no more error. if has advice, please do, error may issue else wishing keep server.
my notes commands used prepair 2012 server demotion.
most commands work on 2016, rest work on older servers.
public ip(isp dns) used external domain name resolution,should configured in forwarder of dns servers.
never use public ip configured directly in nic either of dc or clients.
make sure dc points dc it's primary dns server, , second. latest ms have loopback adapter listed third option in network adaptor.
reinicialize netlogon shares if disapear
hkey_local_machine\system\currentcontrolset\services\netlogon\parameters sysvolready change 0 1
clear logs powershell script
wevtutil el | foreach-object {wevtutil cl "$_"}
domain controller diagnostic list
dcdiag /v >>dcdiag.results.txt
dcdiag /e
dcdiag /d
dcdiag /a
dcdiag /c /v
dcdiag /test:advertising
dcdiag /test:netlogons
dcdiag /v /c /d /e /s:yourdomain.local >>c:\dcdiag.log
specific source dc use /replsource:<dc>
netdom query fsmo <<<<powershell app
gpresult /h c:\secpol.htm <read secpol.htm when done
dfsrdiag.exe pollad <<<< run on servers
dfsrdiag.exe pollad /member:domain\server1
dfsrmig.exe /getmigrationstate
dfsrmig.exe /getglobalstate
repadmin /replsum
repadmin /showrepl
repadmin /showreps
repadmin /syncall
ntfrsutl ds daserver
ntfrsutl poll /now
ntfrsutl sets
dfsutil /spcinfo
dfsutil /spcflush
mmc/tools/dfs management --- right hand menu >>> create diagnostic reports
net stop , start ntfrs
__________________________________________
ntdsutil.exe
ds behavior
connections
_________________________________________
reset dns
ipconfig /flushdns
ipconfig /registerdns
net stop dns
net stop netlogon
net start dns
net start netlogon
_______________________________________________________________
reset dsrm administrator password
click, start, click run, type
ntdsutil
, click ok.
@ ntdsutil command prompt, type
set dsrm password
@ dsrm command prompt, type 1 of following
lines:
reset password on server on are
working, type
reset password on server null
type password.
forest yourdomain.local
(dsrm password)-> whateveryoulike
_____________________________________________________________________
reset time server
w32tm /config /manualpeerlist:time.nist.gov /syncfromflags:manual /reliable:yes /update
w32tm /resync /rediscover
_____________________________________________________________________
fix journal wrap error
modify default behavior, make following changes in registry
instruct frs handle jrnl_wrap_error status automatically:
1. stop frs.
2. start registry editor (regedt32.exe).
3. locate , click following key in registry:
hkey_local_machine\system\currentcontrolset\services\ntfrs\parameters
4. on edit menu, click add value, , add following registry
value:
inserted key, not there.
value name: enable journal wrap automatic restore
data type: reg_dword
radix: hexadecimal
value data: 1 (default 0)
5. quit registry editor.
6. restart frs.
______________________________________________________
>> how rebuild sysvol tree , content in domain <<
https://support.microsoft.com/en-us/help/315457/how-to-rebuild-the-sysvol-tree-and-its-content-in-a-domain
sysvol on newly promoted dc not synchronising, replication looks ok?
https://blogs.technet.microsoft.com/ziggy/2013/08/20/sysvol-on-newly-promoted-dc-is-not-synchronising-but-replication-looks-ok/
how remove orphaned domain controller
https://support.microsoft.com/en-us/help/555846
promissing>>>>^^^^^^^
how remove orphaned domains active directory
https://support.microsoft.com/en-us/help/230306/how-to-remove-orphaned-domains-from-active-directory
dfs replication: how troubleshoot missing sysvol , netlogon shares
https://support.microsoft.com/en-us/help/2958414/dfs-replication-how-to-troubleshoot-missing-sysvol-and-netlogon-shares
sysvol , group policy out of sync on server 2012 r2 dcs using dfsr
http://jackstromberg.com/2014/07/sysvol-and-group-policy-out-of-sync-on-server-2012-r2-dcs-using-dfsr/
how configure authoritative time server in windows server
https://support.microsoft.com/en-us/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server
step-by-step: migrating active directory fsmo roles windows server 2012 r2 2016 <<<< promising
https://blogs.technet.microsoft.com/canitpro/2017/05/24/step-by-step-migrating-active-directory-fsmo-roles-from-windows-server-2012-r2-to-2016/
restoring , rebuilding sysvol
https://technet.microsoft.com/en-us/library/cc816596(v=ws.10).aspx
server 2012
fix: active directory corrupted (ntds isam database corruption errors in eventlog)
https://social.technet.microsoft.com/forums/windowsserver/en-us/172eb4bb-a8df-42ce-a1c7-472d33dc210a/fix-active-directory-corrupted-ntds-isam-database-corruption-errors-in-eventlog?forum=winserverds
give credentials azure active directory
https://redmondmag.com/articles/2017/07/01/azureadb2b.aspx
sysvol replication migration guide: frs dfs replication
https://www.microsoft.com/en-us/download/details.aspx?id=4843
https://gallery.technet.microsoft.com/powershell-active-4ffedca4?ranmid=24542&raneaid=tnl5hpstwnw&ransiteid=tnl5hpstwnw-urtobc1h4xr3bi_8fiyqxq&tduid=(9d370126878cc542a1f4dc177390473f)(256380)(2459594)(tnl5hpstwnw-urtobc1h4xr3bi_8fiyqxq)()
https://support.microsoft.com/en-us/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server
most commands work on 2016, rest work on older servers.
public ip(isp dns) used external domain name resolution,should configured in forwarder of dns servers.
never use public ip configured directly in nic either of dc or clients.
make sure dc points dc it's primary dns server, , second. latest ms have loopback adapter listed third option in network adaptor.
reinicialize netlogon shares if disapear
hkey_local_machine\system\currentcontrolset\services\netlogon\parameters sysvolready change 0 1
clear logs powershell script
wevtutil el | foreach-object {wevtutil cl "$_"}
domain controller diagnostic list
dcdiag /v >>dcdiag.results.txt
dcdiag /e
dcdiag /d
dcdiag /a
dcdiag /c /v
dcdiag /test:advertising
dcdiag /test:netlogons
dcdiag /v /c /d /e /s:yourdomain.local >>c:\dcdiag.log
specific source dc use /replsource:<dc>
netdom query fsmo <<<<powershell app
gpresult /h c:\secpol.htm <read secpol.htm when done
dfsrdiag.exe pollad <<<< run on servers
dfsrdiag.exe pollad /member:domain\server1
dfsrmig.exe /getmigrationstate
dfsrmig.exe /getglobalstate
repadmin /replsum
repadmin /showrepl
repadmin /showreps
repadmin /syncall
ntfrsutl ds daserver
ntfrsutl poll /now
ntfrsutl sets
dfsutil /spcinfo
dfsutil /spcflush
mmc/tools/dfs management --- right hand menu >>> create diagnostic reports
net stop , start ntfrs
__________________________________________
ntdsutil.exe
ds behavior
connections
_________________________________________
reset dns
ipconfig /flushdns
ipconfig /registerdns
net stop dns
net stop netlogon
net start dns
net start netlogon
_______________________________________________________________
reset dsrm administrator password
click, start, click run, type
ntdsutil
, click ok.
@ ntdsutil command prompt, type
set dsrm password
@ dsrm command prompt, type 1 of following
lines:
reset password on server on are
working, type
reset password on server null
type password.
forest yourdomain.local
(dsrm password)-> whateveryoulike
_____________________________________________________________________
reset time server
w32tm /config /manualpeerlist:time.nist.gov /syncfromflags:manual /reliable:yes /update
w32tm /resync /rediscover
_____________________________________________________________________
fix journal wrap error
modify default behavior, make following changes in registry
instruct frs handle jrnl_wrap_error status automatically:
1. stop frs.
2. start registry editor (regedt32.exe).
3. locate , click following key in registry:
hkey_local_machine\system\currentcontrolset\services\ntfrs\parameters
4. on edit menu, click add value, , add following registry
value:
inserted key, not there.
value name: enable journal wrap automatic restore
data type: reg_dword
radix: hexadecimal
value data: 1 (default 0)
5. quit registry editor.
6. restart frs.
______________________________________________________
>> how rebuild sysvol tree , content in domain <<
https://support.microsoft.com/en-us/help/315457/how-to-rebuild-the-sysvol-tree-and-its-content-in-a-domain
sysvol on newly promoted dc not synchronising, replication looks ok?
https://blogs.technet.microsoft.com/ziggy/2013/08/20/sysvol-on-newly-promoted-dc-is-not-synchronising-but-replication-looks-ok/
how remove orphaned domain controller
https://support.microsoft.com/en-us/help/555846
promissing>>>>^^^^^^^
how remove orphaned domains active directory
https://support.microsoft.com/en-us/help/230306/how-to-remove-orphaned-domains-from-active-directory
dfs replication: how troubleshoot missing sysvol , netlogon shares
https://support.microsoft.com/en-us/help/2958414/dfs-replication-how-to-troubleshoot-missing-sysvol-and-netlogon-shares
sysvol , group policy out of sync on server 2012 r2 dcs using dfsr
http://jackstromberg.com/2014/07/sysvol-and-group-policy-out-of-sync-on-server-2012-r2-dcs-using-dfsr/
how configure authoritative time server in windows server
https://support.microsoft.com/en-us/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server
step-by-step: migrating active directory fsmo roles windows server 2012 r2 2016 <<<< promising
https://blogs.technet.microsoft.com/canitpro/2017/05/24/step-by-step-migrating-active-directory-fsmo-roles-from-windows-server-2012-r2-to-2016/
restoring , rebuilding sysvol
https://technet.microsoft.com/en-us/library/cc816596(v=ws.10).aspx
server 2012
fix: active directory corrupted (ntds isam database corruption errors in eventlog)
https://social.technet.microsoft.com/forums/windowsserver/en-us/172eb4bb-a8df-42ce-a1c7-472d33dc210a/fix-active-directory-corrupted-ntds-isam-database-corruption-errors-in-eventlog?forum=winserverds
give credentials azure active directory
https://redmondmag.com/articles/2017/07/01/azureadb2b.aspx
sysvol replication migration guide: frs dfs replication
https://www.microsoft.com/en-us/download/details.aspx?id=4843
https://gallery.technet.microsoft.com/powershell-active-4ffedca4?ranmid=24542&raneaid=tnl5hpstwnw&ransiteid=tnl5hpstwnw-urtobc1h4xr3bi_8fiyqxq&tduid=(9d370126878cc542a1f4dc177390473f)(256380)(2459594)(tnl5hpstwnw-urtobc1h4xr3bi_8fiyqxq)()
https://support.microsoft.com/en-us/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server
Windows Server > Windows Server 2016 General
Comments
Post a Comment